Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/RMDB6gMXfrtTmWIrc-eFyDWvjA8.roa
File:                     RMDB6gMXfrtTmWIrc-eFyDWvjA8.roa (raw, json)
Hash identifier:          GVzUypSd1fZNP3R7rqeVrhxf+B3I3xeeeYXchU/dNhc=
Subject key identifier:   44:C0:C1:EA:03:17:7E:BB:53:99:62:2B:73:E7:85:C8:35:AF:8C:0F
Certificate issuer:       /CN=f6c3e027d2d1c2d36d7c954867226c83b65eb56f
Certificate serial:       0199C0336693DA072A7AFC3C7E6CBCDE0281
Authority key identifier: F6:C3:E0:27:D2:D1:C2:D3:6D:7C:95:48:67:22:6C:83:B6:5E:B5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/RMDB6gMXfrtTmWIrc-eFyDWvjA8.roa
Signing time:             Tue 07 Oct 2025 19:43:38 +0000
ROA not before:           Tue 07 Oct 2025 19:43:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213197
IP address blocks:        2a12:5844:1310::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c0:33:66:93:da:07:2a:7a:fc:3c:7e:6c:bc:de:02:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6c3e027d2d1c2d36d7c954867226c83b65eb56f
        Validity
            Not Before: Oct  7 19:43:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44c0c1ea03177ebb5399622b73e785c835af8c0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:37:e1:3d:2f:e8:94:78:bc:a9:a3:c5:a7:21:
                    7b:f5:fb:87:d3:84:d4:4c:ad:6e:c4:9e:84:2b:c6:
                    c5:07:88:fb:54:c7:c4:80:19:66:03:b9:49:fe:f2:
                    09:47:a8:15:fb:3e:c4:87:f3:46:1d:77:1f:f0:b4:
                    35:f3:fe:8f:ff:b7:3f:29:fe:c8:04:9f:25:42:45:
                    5e:3a:85:44:70:d7:43:76:39:ce:a8:43:d3:55:7b:
                    61:13:6b:50:b2:d4:2f:99:31:f1:92:90:d9:c5:7a:
                    00:c7:19:88:47:fd:74:55:3c:f6:04:08:ce:b5:da:
                    71:69:60:17:34:5a:3e:87:76:be:15:45:b6:a0:e5:
                    9a:40:93:7a:ee:1f:43:b1:b2:39:8b:7d:0a:bb:2d:
                    2c:71:0d:4f:9b:e9:da:fc:eb:cc:1f:8c:91:fd:3e:
                    9a:3c:33:66:7b:b1:4e:0d:6e:d2:93:58:7c:49:bb:
                    9d:45:e7:e5:ae:3e:37:3a:9d:82:48:2b:77:1f:7e:
                    f8:29:ff:d3:37:05:f3:9d:b5:90:94:bf:11:fa:f6:
                    2c:ef:5a:c4:f2:f9:ab:7f:f6:89:10:d1:85:47:66:
                    f3:cf:be:a8:95:e4:ab:be:b4:c0:51:ed:bc:a0:80:
                    8e:40:27:71:c3:53:e7:6b:c5:1f:3d:11:f1:2e:d2:
                    2e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C0:C1:EA:03:17:7E:BB:53:99:62:2B:73:E7:85:C8:35:AF:8C:0F
            X509v3 Authority Key Identifier:
                keyid:F6:C3:E0:27:D2:D1:C2:D3:6D:7C:95:48:67:22:6C:83:B6:5E:B5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/RMDB6gMXfrtTmWIrc-eFyDWvjA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5844:1310::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:62:f6:d2:9f:4d:5f:2f:54:d5:2b:ea:c4:72:15:06:68:d2:
         c2:92:d6:66:bd:20:2a:3f:c1:9f:d0:84:1d:dd:b8:15:95:32:
         86:8d:61:3f:54:3e:9c:a2:41:00:90:21:5f:bc:35:12:a6:1f:
         26:4a:1e:23:24:26:fa:8c:28:65:f4:28:d7:4f:66:d0:e5:57:
         1d:28:11:9f:dd:36:c8:53:1d:9f:7b:45:f5:ba:27:9d:8b:0a:
         6f:44:b5:be:92:30:5b:0b:86:5a:63:db:d5:f7:5a:d4:7d:a1:
         c5:61:65:b1:21:c1:21:06:71:08:2d:45:40:c2:b6:34:4b:30:
         6f:bb:0b:cb:fd:ad:89:3a:13:ed:2c:5b:f7:a0:0a:39:7c:1c:
         84:46:e3:49:79:c1:ac:16:94:97:90:ba:e3:dc:14:3b:3a:60:
         5e:52:db:76:08:9f:06:b8:46:5e:00:95:59:9d:6e:c7:98:0d:
         57:50:1a:ea:f6:69:92:d4:af:d3:61:8a:4d:fc:9d:f8:ee:a1:
         cf:9c:e5:b3:64:4a:97:e7:70:d3:44:79:7e:ef:48:f3:cd:16:
         55:0c:43:e5:66:69:65:0b:ec:79:f5:b7:50:98:ee:1c:57:5e:
         fa:11:f2:0f:4e:81:fd:72:02:b2:cd:3f:40:f8:37:7a:1a:bc:
         e9:89:18:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnAM2aT2gcqevw8fmy83gKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YzNlMDI3ZDJkMWMyZDM2ZDdjOTU0ODY3MjI2YzgzYjY1
ZWI1NmYwHhcNMjUxMDA3MTk0MzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGMwYzFlYTAzMTc3ZWJiNTM5OTYyMmI3M2U3ODVjODM1YWY4YzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojfhPS/olHi8qaPFpyF79fuH04TU
TK1uxJ6EK8bFB4j7VMfEgBlmA7lJ/vIJR6gV+z7Eh/NGHXcf8LQ18/6P/7c/Kf7I
BJ8lQkVeOoVEcNdDdjnOqEPTVXthE2tQstQvmTHxkpDZxXoAxxmIR/10VTz2BAjO
tdpxaWAXNFo+h3a+FUW2oOWaQJN67h9DsbI5i30Kuy0scQ1Pm+na/OvMH4yR/T6a
PDNme7FODW7Sk1h8SbudReflrj43Op2CSCt3H374Kf/TNwXznbWQlL8R+vYs71rE
8vmrf/aJENGFR2bzz76oleSrvrTAUe28oICOQCdxw1Pna8UfPRHxLtIuIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFETAweoDF367U5liK3Pnhcg1r4wPMB8GA1UdIwQY
MBaAFPbD4CfS0cLTbXyVSGcibIO2XrVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXNQZ0o5TFJ3dE50ZkpWSVp5SnNnN1pldFc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYjI4NzgtNWI3OS00MGY3LWI0YjUt
MzU2YzRkN2JiNDUyLzEvUk1EQjZnTVhmcnRUbVdJcmMtZUZ5RFd2akE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYjI4NzgtNWI3OS00MGY3LWI0YjUtMzU2YzRkN2JiNDUy
LzEvOXNQZ0o5TFJ3dE50ZkpWSVp5SnNnN1pldFc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhJYRBMQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAGYvbSn01fL1TVK+rEchUGaNLCktZmvSAqP8Gf
0IQd3bgVlTKGjWE/VD6cokEAkCFfvDUSph8mSh4jJCb6jChl9CjXT2bQ5VcdKBGf
3TbIUx2fe0X1uiediwpvRLW+kjBbC4ZaY9vV91rUfaHFYWWxIcEhBnEILUVAwrY0
SzBvuwvL/a2JOhPtLFv3oAo5fByERuNJecGsFpSXkLrj3BQ7OmBeUtt2CJ8GuEZe
AJVZnW7HmA1XUBrq9mmS1K/TYYpN/J347qHPnOWzZEqX53DTRHl+70jzzRZVDEPl
ZmllC+x59bdQmO4cV176EfIPToH9cgKyzT9A+Dd6GrzpiRgO
-----END CERTIFICATE-----